Protected Store API (Windows Embedded CE 6.0)

1/6/2010

To protect sensitive information and to prevent data tampering, the protected store application programming interface (API) provides a convenient solution to cryptography, key management, and user experience issues. The two CryptoAPI functions, CryptProtectData and CryptUnprotectData, take the user's logon credentials to lock and unlock the private data.

Typically, only a user with logon credentials matching those of the encrypter can decrypt the data. In addition, decryption must be done on the computer where the data was encrypted.

The benefits of the protected store include the following:

  • An easy-to-use interface: an application supplies data and an optional password or other entropy and receives shrouded data.
  • Data is protected from other users who are able to log on to the same device.
  • Data is protected from tampering while the device is offline.
  • The transparent use of logon credentials to supply the entropy for data protection.
  • Original equipment manufacturer extensibility that allows the use of hardware tokens such as smart cards or biometric devices.
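
The round trip described above, as an added example that is not part of the original documentation: it seals a constructed secret with optional entropy, then checks that the same entropy opens it, that different entropy does not, and that a modified blob is rejected. It is written against the desktop Win32 declarations of CryptProtectData and CryptUnprotectData in wincrypt.h, which are assumed to match the CE headers; the names `protected_store_demo` and `opens_to` are hypothetical, and on a non-Windows build the demo compiles to a stub.

```c
/* Added example: protect/unprotect round trip (all sample values constructed). */
#include <stdio.h>
#include <string.h>
#define DEMO_UNSUPPORTED (-1)    /* returned when built for a non-Windows host */
#ifdef _WIN32
#include <windows.h>
#include <wincrypt.h>            /* desktop Windows: link with crypt32.lib */

/* Returns 1 if blob decrypts to `expect` under `entropy`, otherwise 0. */
static int opens_to(DATA_BLOB *blob, DATA_BLOB *entropy, const DATA_BLOB *expect)
{
    DATA_BLOB out = { 0, NULL };
    int ok = 0;
    if (CryptUnprotectData(blob, NULL, entropy, NULL, NULL, 0, &out)) {
        ok = out.cbData == expect->cbData &&
             memcmp(out.pbData, expect->pbData, out.cbData) == 0;
        SecureZeroMemory(out.pbData, out.cbData);   /* wipe recovered plaintext */
        LocalFree(out.pbData);                      /* output buffers use LocalAlloc */
    }
    return ok;
}

/* 0 = every check behaved as expected; >0 = number of the first failing check. */
int protected_store_demo(void)
{
    BYTE secret[] = "constructed-sample-secret";
    BYTE salt[]   = "app-specific entropy";
    BYTE wrong[]  = "different entropy";
    DATA_BLOB in  = { sizeof secret, secret };
    DATA_BLOB ent = { sizeof salt, salt };
    DATA_BLOB bad = { sizeof wrong, wrong };
    DATA_BLOB sealed = { 0, NULL };
    int rc = 0;
    if (!CryptProtectData(&in, L"demo", &ent, NULL, NULL, 0, &sealed))
        return 1;
    if (!opens_to(&sealed, &ent, &in))     rc = 2;  /* same user, same entropy */
    else if (opens_to(&sealed, &bad, &in)) rc = 3;  /* wrong entropy must fail */
    else {
        sealed.pbData[sealed.cbData - 1] ^= 0x01;   /* simulate offline tampering */
        if (opens_to(&sealed, &ent, &in))  rc = 4;  /* modified blob must fail */
    }
    LocalFree(sealed.pbData);
    return rc;
}
#else
int protected_store_demo(void) { return DEMO_UNSUPPORTED; }
#endif
int main(void) { printf("demo result: %d\n", protected_store_demo()); return 0; }
```
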
